Android users hit by lethal Trojan root hack

[InfoSec News <alerts () infosecnews org>]

http://news.techworld.com/security/3298629/android-users-hit-by-lethal-trojan-root-hack/

By John E Dunn
Techworld
23 August 11

Researchers have publicised probably the most dangerous Android malware 
examples yet discovered, a Trojan that exploits the GingerBreak root 
hack (CVE-2011-1823) in Android 2.3 that gained wide publicity after its 
discovery in April.

According to a team at North Carolina State University, which analysed 
the malware in conjunction with Chinese mobile security firm NetQin, 
‘GingerMaster’ bears many of the hallmarks of the growing family of 
Android Trojans that currently circulate on third-party sites in China 
but with some interesting and dangerous new innovations.

Packaged as part of what appears to be a legitimate app showing pictures 
of women, GingerMaster uploads as much user and device information as it 
can to a remote server, including smartphone IMEI and telephone number. 
At this point the server will silently download malware exploiting the 
GingerBreak root hack which once installed will have complete control 
over the smartphone.

Because this is a root hack, the malware is able to bypass the Android 
system that controls app permissions, which brings home the seriousness 
of this type of fundamental attack. With such low-level access, Android 
security programs will be powerless to stop it and getting rid of it 
will for most users require a complete device wipe and factory reset.

[...]

_____________________________________________________________
Register now for the #HITB2011KUL - Asia's premier
deep-knowledge network security event now in it's 9th year!
http://conference.hitb.org/hitbsecconf2011kul/